Finding SHA-1 and SHA-256 thumbprints for ESXi, vCenter, vSphere Replication and Site Recovery Manager appliances
search cancel

Finding SHA-1 and SHA-256 thumbprints for ESXi, vCenter, vSphere Replication and Site Recovery Manager appliances

book

Article ID: 312777

calendar_today

Updated On:

Products

VMware Live Recovery VMware vCenter Server VMware vSphere ESXi

Issue/Introduction


These commands will help in extracting SHA-1 and SHA-256 fingerprints.

Resolution


The SHA-1 fingerprint is a string of 40 hexadecimal digits, usually in pairs separated by spaces or other non-alphanumeric delimiters.
The SHA-256 fingerprint is a string of 64 hexadecimal digits, usually in pairs separated by spaces or other non-alphanumeric delimiters.

vCenter:

root@VCSA67PR [ ~ ]# echo | openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -fingerprint -sha1
SHA1 Fingerprint=A2:FE:0C:92:73:9E:0F:B9:7B:81:EF:B6:0B:31:75:96:74:23:FB:AC

root@VCSA67PR [ ~ ]# echo | openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -fingerprint -sha256
SHA256 Fingerprint=12:6A:F7:33:15:AA:6B:24:4D:34:B3:3D:28:4B:87:20:E1:8F:82:66:47:BB:4B:70:29:2A:D2:EA:FE:A0:56:41

ESXi:

[root@ESXi67ADR:~] openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha1 -noout
SHA1 Fingerprint=5F:91:73:12:87:4E:CA:DE:C1:8F:DD:39:90:67:07:3F:9F:5A:25:20

[root@ESXi67ADR:~] openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha256 -noout
SHA256 Fingerprint=F9:6C:1A:06:1A:C8:97:75:E3:DC:4F:66:D1:48:80:23:98:AD:8B:83:4C:41:0B:4F:B0:7D:9C:4D:2C:16:BD:9F

vSphere Replication:

root@VRMSPR [ ~ ]# grep -i hms-keystore-password /opt/vmware/hms/conf/hms-configuration.xml
   <hms-keystore-password>6NL24Lxxus3m6LTU</hms-keystore-password>

root@VRMSPR [ ~ ]# cd  /usr/java/default/bin
root@VRMSPR [ /usr/java/default/bin ]# ./keytool -list -v -keystore /opt/vmware/hms/security/hms-keystore.jks -storepass 6NL24Lxxus3m6LTU
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: jetty
Creation date: Nov 12, 2019
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=192.168.0.12, OU=Unknown, O=Unknown
Issuer: CN=192.168.0.12, OU=Unknown, O=Unknown
Serial number: 30dec3c
Valid from: Tue Nov 12 22:31:28 IST 2019 until: Sun Nov 10 22:31:28 IST 2024
Certificate fingerprints:
         MD5:  C7:EA:65:4B:8A:B5:67:47:4A:6C:43:1F:7E:87:CA:5E
         SHA1: 4F:D3:1E:7F:F4:F6:DE:18:DF:58:CD:88:A1:1C:CB:16:85:2E:E0:69
         SHA256: BB:2A:C9:FD:2C:CE:2D:5F:17:50:0E:0A:E9:01:83:E6:98:55:E4:6C:64:D4:2E:83:52:E4:3E:9A:67:FB:A4:D0

Site Recovery Manager:

admin@SRMPR [ ~ ]$ echo | openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -fingerprint -sha1
SHA1 Fingerprint=50:D2:80:D7:0F:7A:ED:35:AB:23:E2:76:45:A4:BE:10:22:A7:8E:F6

admin@SRMPR [ ~ ]$ echo | openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -fingerprint -sha256
SHA256 Fingerprint=1F:9E:F6:A4:2D:34:A3:19:05:48:E9:AA:70:A0:DB:31:62:59:E2:A9:6E:86:1C:39:FF:2D:82:B3:5E:37:08:E9

Powered by Wolken Software